Core Security

131 exploits Active since Mar 2003
CVE-2003-0128 EXPLOITDB text WORKING POC
Ximian Evolution Mail User Agent <= 1.2.2 - Denial of Service and Possible Remote Code Execution via UUE Header
The try_uudecoding function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malicious uuencoded (UUE) header, possibly triggering a heap-based buffer overflow.
CVE-2017-8852 EXPLOITDB HIGH python WORKING POC
SAP SAPCAR 721.510 - Heap-Based Buffer Overflow via Crafted CAR Archive
SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted CAR archive file received from an untrusted remote source. The problem is that the length of data written is an arbitrary number found within the file. The vendor response is SAP Security Note 2441560.
CVSS 7.8
CVE-2016-5847 EXPLOITDB MEDIUM text WRITEUP
SAP SAPCAR Archive Tool - Arbitrary File Permission Change via Hard Link Attack
SAP SAPCAR allows local users to change the permissions of arbitrary files and consequently gain privileges via a hard link attack on files extracted from an archive, possibly related to SAP Security Note 2327384.
CVSS 5.8
CVE-2006-6563 EXPLOITDB python WORKING POC
ProFTPD <1.3.1rc1 - Buffer Overflow
Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value.
CVE-2010-2891 EXPLOITDB text WRITEUP
libsmi 0.4.8 - Buffer Overflow via Long OID String
Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier (aka OID) represented as a numerical string containing many components separated by . (dot) characters.
CVE-2018-6230 EXPLOITDB MEDIUM text WORKING POC
Trend Micro Email Encryption Gateway 5.5 - SQL Injection via Search Configuration Script
A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 search configuration script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.
CVSS 6.8
CVE-2013-2570 EXPLOITDB CRITICAL text WRITEUP
Zavio IP Cameras <1.6.3 - Command Injection
A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 in the General.Time.NTP.Server parameter to the sub_C8C8 function of the binary /opt/cgi/view/param, which could let a remove malicious user execute arbitrary code.
CVSS 9.8
CVE-2013-4985 EXPLOITDB HIGH text WORKING POC
Vivotek IP7160 IP7361 IP8332 Firmware - Unauthenticated RTSP Authentication Bypass
Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video stream
CVSS 7.5
CVE-2013-1598 EXPLOITDB HIGH text WORKING POC
Vivotek PT7135 Firmware 0300a and 0400a - OS Command Injection via system.ntp Parameter
A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which cold let a malicious user execute arbitrary code.
CVSS 8.8
CVE-2014-0999 EXPLOITDB text WORKING POC
Sendio < 7.2.3 - Session Identifier Exposure via Referrer HTTP Header
Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the Referrer HTTP header.
CVE-2013-1605 EXPLOITDB text WORKING POC
MayGion IP Camera Firmware < 2013.04.22 (05.53) - Remote Code Execution via Long Filename
Buffer overflow in MayGion IP Cameras with firmware before 2013.04.22 (05.53) allows remote attackers to execute arbitrary code via a long filename in a GET request.
CVE-2013-4977 EXPLOITDB text WORKING POC
Hikvision DS-2CD7153-E <4.1.0 b130111 - Buffer Overflow
Buffer overflow in the RTSP Packet Handler in Hikvision DS-2CD7153-E IP camera with firmware 4.1.0 b130111 (Jan 2013), and possibly other devices, allows remote attackers to cause a denial of service (device crash and reboot) and possibly execute arbitrary code via a long string in the Range header field in an RTSP transaction.
CVE-2013-2574 EXPLOITDB HIGH text WRITEUP
FOSCAM IP Camera FI8620 - Info Disclosure
An Access vulnerability exists in FOSCAM IP Camera FI8620 due to insufficient access restrictions in the /tmpfs/ and /log/ directories, which could let a malicious user obtain sensitive information.
CVSS 7.5
CVE-2013-1603 EXPLOITDB MEDIUM text WRITEUP
D-Link DCS and WCS Firmware - Unauthenticated Remote Access via Hard-coded Credentials
An Authentication vulnerability exists in D-LINK WCS-1100 1.02, TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-7510 1.00, DCS-7410 1.00, DCS-6410 1.00, DCS-5635 1.01, DCS-5605 1.01, DCS-5230L 1.02, DCS-5230 1.02, DCS-3430 1.02, DCS-3411 1.02, DCS-3410 1.02, DCS-2121 1.06_FR, DCS-2121 1.06, DCS-2121 1.05_RU, DCS-2102 1.06_FR, DCS-2102 1.06, DCS-2102 1.05_RU, DCS-1130L 1.04, DCS-1130 1.04_US, DCS-1130 1.03, DCS-1100L 1.04, DCS-1100 1.04_US, and DCS-1100 1.03 due to hard-coded credentials that serve as a backdoor, which allows remote attackers to access the RTSP video stream.
CVSS 5.3
CVE-2015-2279 EXPLOITDB CRITICAL text WORKING POC
AirLive BU-2015, BU-3026, and MD-3025 - OS Command Injection via cgi_test.cgi Parameters
cgi_test.cgi in AirLive BU-2015 with firmware 1.03.18, BU-3026 with firmware 1.43, and MD-3025 with firmware 1.81 allows remote attackers to execute arbitrary OS commands via shell metacharacters after an "&" (ampersand) in the write_mac write_pid, write_msn, write_tan, or write_hdv parameter.
CVSS 9.8
CVE-2013-2571 EXPLOITDB CRITICAL text WORKING POC
hcomm xpient_iris < 3.8 - Remote Code Execution via TCP Port 7510
Iris 3.8 before build 1548, as used in Xpient point of sale (POS) systems, allows remote attackers to execute arbitrary commands via a crafted request to TCP port 7510, as demonstrated by opening the cash drawer.
CVSS 9.8
CVE-2015-2280 EXPLOITDB HIGH text WRITEUP
AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP Firmware - Authenticated OS Command Injection via mac Parameter
snwrite.cgi in AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network camera with firmware FW_AIC1620W_1.1.0-12_20120709_r1192.pck allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the mac parameter.
CVSS 8.8
CVE-2013-2581 EXPLOITDB text WRITEUP
TP-Link IP Cameras <LM.1.6.18P12_sign6 - RCE
cgi-bin/firmwareupgrade in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to modify the firmware revision via a "preset" action.
CVE-2013-2573 EXPLOITDB CRITICAL text WRITEUP
TP-Link IP Camera - Command Injection
A Command Injection vulnerability exists in the ap parameter to the /cgi-bin/mft/wireless_mft.cgi file in TP-Link IP Cameras TL-SC 3130, TL-SC 3130G, 3171G. and 4171G 1.6.18P12s, which could let a malicious user execute arbitrary code.
CVSS 9.8
CVE-2018-0710 EXPLOITDB HIGH text WORKING POC
QNAP Q'center < 1.7.1063 - Authenticated OS Command Injection via SSH
Command injection vulnerability in SSH of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
CVSS 8.8
EIP-2026-101100 EXPLOITDB text WORKING POC
TP-LINK TDDP - Multiple Vulnerabilities
CVE-2014-0984 EXPLOITDB text WRITEUP
SAP Router - Timing Side-Channel Attack via Password Validation
The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first incorrect character, which allows remote attackers to obtain passwords via a brute-force attack that relies on timing differences in responses to incorrect password guesses, aka a timing side-channel attack.
CVE-2013-1606 EXPLOITDB text WORKING POC
Ubiquiti AirVision Firmware < 1.1.6 - Remote Code Execution via RTSP DESCRIBE Request
Buffer overflow in the ubnt-streamer RTSP service on the Ubiquiti UBNT AirCam with airVision firmware before 1.1.6 allows remote attackers to execute arbitrary code via a long rtsp: URI in a DESCRIBE request.
EIP-2026-101034 EXPLOITDB python WORKING POC
Linksys Devices 1.42/1.43 - 'GET' Buffer Overflow (PoC)
CVE-2016-1885 EXPLOITDB MEDIUM c WORKING POC
FreeBSD <9.3p39, 10.1p31, 10.2p14 - DoS
Integer signedness error in the amd64_set_ldt function in sys/amd64/amd64/sys_machdep.c in FreeBSD 9.3 before p39, 10.1 before p31, and 10.2 before p14 allows local users to cause a denial of service (kernel panic) via an i386_set_ldt system call, which triggers a heap-based buffer overflow.
CVSS 6.2